/ - Diff - Metacat - Ecoinformatics Redmine

« Previous | Next »

Revision 5158

Added by daigle over 14 years ago

Separate code to do tls and non-tls authentication. Introduce AuthTLSException to make error handling easier.

     	private int ldapSearchTimeLimit;
     	private int ldapSearchCountLimit;
     	private String currentReferralInfo;
     	Hashtable env = new Hashtable(11);
     	Hashtable<String, String> env = new Hashtable<String, String>(11);
     	private Context rContext;
     	private String userName;
     	private String userPassword;
-...
     		logMetacat.warn("AuthLdap.ldapAuthenticate - Trying to authenticate: " +
     				userDN + " Using server: " + server);
     		LdapContext ctx = null;
     		double startTime;
     		double stopTime;
     		try {
     			Hashtable env = new Hashtable();
     			Hashtable<String, String> env = new Hashtable<String, String>();
     			env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
     			env.put(Context.PROVIDER_URL, server);
     			env.put(Context.REFERRAL, "throw");
     			try {
     				authenticated = authenticateTLS(env, userDN, password);
     			} catch (AuthTLSException ate) {
     				logMetacat.info("AuthLdap.ldapAuthenticate - error while negotiating TLS: "
     						+ ate.getMessage());
     				startTime = System.currentTimeMillis();
     				ctx = new InitialLdapContext(env, null);
     				// Start up TLS here so that we don't pass our jewels in
     				// cleartext
     				StartTlsResponse tls = (StartTlsResponse) ctx
     						.extendedOperation(new StartTlsRequest());
     				// tls.setHostnameVerifier(new SampleVerifier());
     				SSLSession sess = tls.negotiate();
     				ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
     				ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, userDN);
     				ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
     				ctx.reconnect(null);
     				stopTime = System.currentTimeMillis();
     				logMetacat.info("AuthLdap.ldapAuthenticate - Connection time thru " + ldapsUrl + " was: "
     						+ (stopTime - startTime) / 1000 + " seconds.");
     				authenticated = true;
     			} catch (IOException ioe) {
     				logMetacat.info("AuthLdap.ldapAuthenticate - Caught IOException in login while negotiating TLS: "
     						+ ioe.getMessage());
     				if (secureConnectionOnly) {
     					return authenticated;
     				} else {
     					logMetacat.info("AuthLdap.ldapAuthenticate - Trying to authenticate without TLS");
     					env.put(Context.SECURITY_AUTHENTICATION, "simple");
     					env.put(Context.SECURITY_PRINCIPAL, userDN);
     					env.put(Context.SECURITY_CREDENTIALS, password);
     					startTime = System.currentTimeMillis();
     					ctx = new InitialLdapContext(env, null);
     					stopTime = System.currentTimeMillis();
     					logMetacat.info("AuthLdap.ldapAuthenticate - Connection time thru " + ldapsUrl + " was: "
     							+ (stopTime - startTime) / 1000 + " seconds.");
     					authenticated = true;
     					authenticated = authenticateNonTLS(env, userDN, password);
+    				}
+    			}
     		} catch (AuthenticationException ae) {
-...
     		return authenticated;
+    	}
     	private boolean authenticateTLS(Hashtable<String, String> env, String userDN, String password)
     			throws AuthTLSException{
     		logMetacat.info("AuthLdap.authenticateTLS - Trying to authenticate with TLS");
     		try {
     			LdapContext ctx = null;
     			double startTime;
     			double stopTime;
     			startTime = System.currentTimeMillis();
     			ctx = new InitialLdapContext(env, null);
     			// Start up TLS here so that we don't pass our jewels in
     			// cleartext
     			StartTlsResponse tls =
     				(StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
     			// tls.setHostnameVerifier(new SampleVerifier());
     			SSLSession sess = tls.negotiate();
     			ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
     			ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, userDN);
     			ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
     			ctx.reconnect(null);
     			stopTime = System.currentTimeMillis();
     			logMetacat.info("AuthLdap.authenticateTLS - Connection time thru "
     					+ ldapsUrl + " was: " + (stopTime - startTime) / 1000 + " seconds.");
     		} catch (NamingException ne) {
     			throw new AuthTLSException("AuthLdap.authenticateTLS - Naming error when athenticating via TLS: " + ne.getMessage());
     		} catch (IOException ioe) {
     			throw new AuthTLSException("AuthLdap.authenticateTLS - I/O error when athenticating via TLS: " + ioe.getMessage());
+    		}
     		return true;
+    	}
     	private boolean authenticateNonTLS(Hashtable<String, String> env, String userDN, String password)
     			throws NamingException {
     		LdapContext ctx = null;
     		double startTime;
     		double stopTime;
     		logMetacat.info("AuthLdap.authenticateNonTLS - Trying to authenticate without TLS");
     		env.put(Context.SECURITY_AUTHENTICATION, "simple");
     		env.put(Context.SECURITY_PRINCIPAL, userDN);
     		env.put(Context.SECURITY_CREDENTIALS, password);
     		startTime = System.currentTimeMillis();
     		ctx = new InitialLdapContext(env, null);
     		stopTime = System.currentTimeMillis();
     		logMetacat.info("AuthLdap.authenticateNonTLS - Connection time thru " + ldapsUrl + " was: "
     				+ (stopTime - startTime) / 1000 + " seconds.");
     		return true;
+    	}
     	/**
     	 * Get the identifying name for a given userid or name. This is the name
     	 * that is used in conjunction withthe LDAP BaseDN to create a distinguished

     /**
      *  '$RCSfile$'
      *    Purpose: An Exception thrown when an error occurs because an
      *             AccessionNumber was invalid or used incorrectly
      *  Copyright: 2008 Regents of the University of California and the
      *             National Center for Ecological Analysis and Synthesis
      *    Authors: Michael Daigle
+     *
      *   '$Author: daigle $'
      *     '$Date: 2008-07-06 21:25:34 -0700 (Sun, 06 Jul 2008) $'
      * '$Revision: 4080 $'
+     *
      * This program is free software; you can redistribute it and/or modify
      * it under the terms of the GNU General Public License as published by
      * the Free Software Foundation; either version 2 of the License, or
      * (at your option) any later version.
+     *
      * This program is distributed in the hope that it will be useful,
      * but WITHOUT ANY WARRANTY; without even the implied warranty of
      * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      * GNU General Public License for more details.
+     *
      * You should have received a copy of the GNU General Public License
      * along with this program; if not, write to the Free Software
      * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
      */
     package edu.ucsb.nceas.metacat;
     /**
      * Exception thrown when an error occurs in a configuration administrative
      * class
      */
     public class AuthTLSException extends Exception {
     	/**
+    	 *
     	 */
     	private static final long serialVersionUID = 525418630212063646L;
     	/**
     	 * Create a new AuthTLSException.
+    	 *
     	 * @param message The error or warning message.
     	 */
     	public AuthTLSException(String message) {
     		super(message);
+    	}
+    }

Also available in: Unified diff

Project

General

Profile

Metacat

Revision 5158

Added by daigle over 14 years ago